Kerberos authentication for Web Services
Johan A. van Zanten
johanvz at ewranglers.com
Tue Jul 9 14:20:04 EDT 2002
David Magda <dmagda+usenet at ee.ryerson.ca> writes:
> jredburn at wso.williams.edu (jeremy redburn) writes:
>
> [...]
> > But this doesn't seem to fit into the idea of how Kerberos
> > authentication works. Is anyone doing Kerberos authentication via SOAP
> > calls? What do people recommend for an authentication mechanism for a
> > family of web services?
>
>
> Try the following:
>
> http://modauthkerb.sourceforge.net/index.html
>
> Haven't used it myself. YMMV.
I've used it quite a bit for just about a year now on Solaris 8 running
Apache 1.3 and 2.0.36, and i have found no problems with it.
I protect the pages that authenticate against it with SSL.
An .htaccess file using it looks like this:
SSLRequireSSL
AuthType KerberosV5
AuthName "Kerberos Username and Password"
KrbAuthAuthoritative Off
require user johan
Initially, configuration and building was a little difficult. Make sure
to read the docs thoroughly.
Below are the contents of the Makefile i use to compile it as an Apache 2
DSO. Maybe it'll save you a little time.
-johan
DEFS = -DAPXS2 -DKRB5 -DKRB_DEF_REALM=\\\"EWRANGLERS.COM\\\"
LIBS = -L/usr/local/krb5/lib -lkrb5 -lcom_err -lk5crypto
INC = -I/usr/local/krb5/include
APXS = /usr/local/apache2/bin/apxs
mod_auth_kerb:
$(APXS) -i -c $(DEFS) $(LIBS) $(INC) mod_auth_kerb.c
install: mod_auth_kerb
$(APXS) -i .libs/mod_auth_kerb.so
all: mod_auth_kerb
clean:
rm -fr .libs
rm -f *.la *.lo *.o *.slo
More information about the Kerberos
mailing list